DOCSLIB.ORG

Public-Key Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Public-key Cryptogra; Theory and Practice ABHIJIT DAS Department of Computer Science and Engineering Indian Institute of Technology Kharagpur C. E. VENIMADHAVAN Department of Computer Science and Automation Indian Institute ofScience, Bangalore PEARSON Chennai • Delhi • Chandigarh Upper Saddle River • Boston • London Sydney • Singapore • Hong Kong • Toronto • Tokyo Contents Preface xiii Notations xv 1 Overview 1 1.1 Introduction 2 1.2 Common Cryptographic Primitives 2 1.2.1 The Classical Problem: Secure Transmission of Messages 2 Symmetric-key or secret-key cryptography 4 Asymmetric-key or public-key cryptography 4 1.2.2 Key Exchange 5 1.2.3 Digital Signatures 5 1.2.4 Entity Authentication 6 1.2.5 Secret Sharing 8 1.2.6 Hashing 8 1.2.7 Certification 9 1.3 Public-key Cryptography 9 1.3.1 The Mathematical Problems 9 1.3.2 Realization of Key Pairs 10 1.3.3 Public-key Cryptanalysis 11 1.4 Some Cryptographic Terms 11 1.4.1 Models of Attacks 12 1.4.2 Models of Passive Attacks 12 1.4.3 Public Versus Private Algorithms 13 2 Mathematical Concepts 15 2.1 Introduction 16 2.2 Sets, Relations and Functions 16 2.2.1 Set Operations 17 2.2.2 Relations 17 2.2.3 Functions 18 2.2.4 The Axioms of Mathematics 19 Exercise Set 2.2 20 2.3 Groups 21 2.3.1 Definition and Basic Properties . 21 2.3.2 Subgroups, Cosets and Quotient Groups 23 2.3.3 Homomorphisms 25 2.3.4 Generators and Orders 26 2.3.5 Sylow's Theorem 27 Exercise Set 2.3 29 2.4 Rings 31 2.4.1 Definition and Basic Properties 31 2.4.2 Subrings, Ideals and Quotient Rings 34 2.4.3 Homomorphisms 37 2.4.4 Factorization in Rings 39 Exercise Set 2.4 42 2.5 Integers 44 iv Contents 2.5.1 Divisibility 44 2.5.2 Congruences 45 2.5.3 Quadratic Residues 48 2.5.4 Some Assorted Topics 52 The prime number theorem 53 Density of smooth integers 54 The extended Riemann hypothesis 54 Exercise Set 2.5 56 2.6 Polynomials 57 2.6.1 Elementary Properties 58 2.6.2 Roots of Polynomials 59 2.6.3 Algebraic Elements and Extensions 61 Exercise Set 2.6 63 2.7 Vector Spaces and Modules 64 2.7.1 Vector Spaces 65 2.7.2 Modules 69 2.7.3 Algebras 71 Exercise Set 2.7 72 2.8 Fields 74 2.8.1 Properties of Field Extensions 74 2.8.2 Splitting Fields and Algebraic Closure 76 2.8.3 Elements of Galois Theory 78 Exercise Set 2.8 79 2.9 Finite Fields 80 2.9.1 Existence and Uniqueness of Finite Fields 80 2.9.2 Polynomials over Finite Fields 82 2.9.3 Representation of Finite Fields 85 Exercise Set 2.9 88 2.10 Affine and Projective Curves 90 2.10.1 Plane Curves 90 2.10.2 Polynomial and Rational Functions on Plane Curves 92 2.10.3 Maps Between Plane Curves 95 2.10.4 Divisors on Plane Curves 95 Exercise Set 2.10 97 2.11 Elliptic Curves 98 2.11.1 The Weierstrass Equation 98 2.11.2 The Elliptic Curve Group 101 2.11.3 Elliptic Curves over Finite Fields 106 Exercise Set 2.11 107 2.12 HyperellipticCurves Ill 2.12.1 The Defining Equations Ill 2.12.2 Polynomial and Rational Functions 112 2.12.3 TheJacobian 115 Exercise Set 2.12 118 2.13 Number Fields 119 2.13.1 Some Commutative Algebra 120 Ideal arithmetic 120 Localization 120 Integral dependence 121 Contents v Noetherian rings 1^J Dedekind domains 125 2.13.2 Number Fields and Rings 125 2.13.3 Unique Factorization of Ideals 131 2.13.4 Norms of Ideals 135 2.13.5 Rational Primes in Number Rings 137 139 2.13.6 Units in a Number Ring Exercise Set 2.13 139 2.14 p-adic Numbers 143 2.14.1 The Arithmetic of p-adic Numbers 143 2.14.2 The p-adic Valuation 145 2.14.3 Hensel's Lemma 149 Exercise Set 2.14 151 2.15 Statistical Methods I54 2.15.1 Random Variables and Their Probability Distributions 154 2.15.2 Operations on Random Variables 155 2.15.3 Expectation, Variance and Correlation 159 2.15.4 Some Famous Probability Distributions 162 ' Uniform distribution 162 Bernoulli distribution 163 Normal distribution 163 2.15.5 Sample Mean, Variation and Correlation 164 Exercise Set 2.15 165 3 Algebraic and Number-theoretic Computations 173 3.1 Introduction 174 3.2 Complexity Issues 174 3.2.1 OrderNotations 175 3.2.2 Randomized Algorithms 177 3.2.3 Reduction Between ComputationalProblems 178 Exercise Set 3.2 179 3.3 Multiple-precision Integer Arithmetic 180 3.3.1 Representation of Large Integers 181 3.3.2 Basic Arithmetic Operations 181 Addition and subtraction 182 Multiplication 183 Squaring 184 Fast multiplication 184 Division 185 Bit-wise operations 187 3.3.3 GCD . 187 3.3.4 Modular Arithmetic 190 Modular exponentiation 190 Montgomery exponentiation 192 Exercise Set 3.3 193 3.4 Elementary Number-theoretic Computations 195 3.4.1 Primality Testing '. 195 Deterministic . primality proving , 197 3.4.2 Generating Random Primes 199 vi Contents 3.4.3 Modular Square Roots 200 Exercise Set 3.4 201 3.5 Arithmetic in Finite Fields 204 3.5.1 Arithmetic in the Ring F2 [X] 204 3.5.2 Finite Fields of Characteristic 2 208 3.5.3 Selecting Suitable Finite Fields 210 3.5.4 Factoring Polynomials over Finite Fields 212 Square-free factorization 212 Distinct-degree factorization 213 Equal-degree factorization 214 Exercise Set 3.5 215 3.6 Arithmetic on Elliptic Curves 218 3.6.1 Point Arithmetic 218 3.6.2 Counting Points on Elliptic Curves 219 The SEA algorithm 219 The Satoh-FGH algorithm 221 3.6.3 Choosing Good Elliptic Curves 223 3.7 Arithmetic on Hyperelliptic Curves 224 3.7.1 Arithmetic in the Jacobian 225 3.7.2 Counting Points in Jacobians of Hyperelliptic Curves 225 Exercise Set 3.7 228 3.8 Random Numbers 228 3.8.1 Pseudorandom Bit Generators 228 3.8.2 Cryptographically Strong Pseudorandom Bit Generators 229 3.8.3 Seeding Pseudorandom Bit Generators 230 Exercise Set 3.8 231 4 The Intractable Mathematical Problems 237 4.1 Introduction 238 4.2 The Problems at a Glance 239 Exercise Set 4.2 242 4.3 The Integer Factorization Problem 243 4.3.1 Older Algorithms 244 Trial division 244 Pollard's rho method 244 Pollard's p-1 method 245 Williams' p + 1 method 247 4.3.2 The Quadratic Sieve Method 248 The basic algorithm 248 Sieving 249 Incomplete sieving 251 Large prime variation 251 The multiple polynomial quadratic sieve 252 Parallelization 253 TWINKLE: Shamir's factoring device 254 4.3.3 Factorization Using Elliptic Curves 255 4.3.4 The Number Field Sieve Method 258 Selecting the polynomial f(X) 259 Construction of Q 259 Contents vii Construction of Q 259 Construction of U 260 260 Computing the factorization of a + ba Sieving 261 The running time of the SNFSM 262 Exercise Set 4.3 262 4.4 The Finite Field Discrete Logarithm Problem 264 4.4.1 Square Root Methods 264 Shanks'baby-step-giant-step method 265 Pollard's rho method 265 The Pohlig-Hellman method 266 4.4.2 The Index Calculus Method 267 4.4.3 Algorithms for Prime Fields 268 The basic ICM 268 The linear sieve method 270 The number field sieve method 272 4.4.4 Algorithms for Fields of Characteristic 2 273 The basic ICM 274. The adaptation of the linear sieve method 275 Coppersmith's algorithm 276 Exercise Set 4.4 279 4.5 The Elliptic Curve Discrete Logarithm Problem (ECDLP) 281 4.5.1 The MOV Reduction 282 The correctness of the algorithm 283 Choosing fc 284 Computing em{P,R) 284 4.5.2 The SmartASS Method 286 4.5.3 The Xedni Calculus Method 289 Exercise Set 4.5 291 4.6 The Hyperelliptic Curve Discrete Logarithm Problem 292 4.6.1 Choosing the Factor Base 293 4.6.2 Checking the Smoothness of a Divisor 293 4.6.3 The Algorithm 294 4.7 Solving Large Sparse Linear Systems over Finite Rings 294 4.7.1 Structured Gaussian Elimination 296 4.7.2 The Conjugate Gradient Method 297 4.7.3 The Lanczos Method 298 4.7.4 The Wiedemann Method 299 4.8 The Subset Sum Problem 300 4.8.1 The Low-Density Subset Sum Problem 301 4.8.2 The Lattice-Basis Reduction Algorithm 302 Exercise Set 4.8 304 5 Cryptographic Algorithms 309 5.1 Introduction 310 5.2 Secure Transmission of Messages 310 5.2.1 The RSA Public-key Encryption Algorithm 310 RSA key pair 310 RSA encryption 312 viii Contents RSA decryption 312 5.2.2 The Rabin Public-key Encryption Algorithm 313 Rabin key pair 313 Rabin encryption 314 Rabin decryption 314 5.2.3 The Goldwasser-Micali Encryption Algorithm 315 Goldwasser-Micali key pair 315 Goldwasser-Micali encryption 315 Goldwasser-Micali decryption 316 5.2.4 The Blum-Goldwasser Encryption Algorithm 317 Blum-Goldwasser key pair 317 Blum-Goldwasser encryption 318 Blum-Goldwasser decryption 318 5.2.5 The ElGamal Public-key Encryption Algorithm 319 ElGamal key pair 319 ElGamal encryption 320 ElGamal decryption 320 5.2.6 The Chor-Rivest Public-key Encryption Algorithm 321 Chor-Rivest key pair 321 Chor-Rivest encryption 322 Chor-Rivest decryption 322 5.2.7 The XTR Public-key Encryption Algorithm 323 XTR key pair 327 XTR encryption 327 XTR decryption 328 5.2.8 The NTRU Public-key Encryption Algorithm 328 NTRU key pair 328 NTRU encryption 330 NTRU decryption 331 Exercise Set 5.2 332 5.3 Key Exchange 334 5.3.1 Basic Key-Exchange Protocols 334 The Diffie-Hellman key-exchange protocol 334 Small-subgroup attacks 335 Cofactor exponentiation 336 5.3.2 Authenticated Key-Exchange Protocols 336 Unknown key-share attacks 336 The Menezes-Qu-Vanstone key-exchangeprotocol 338 Exercise Set 5.3 339 5.4 Digital Signatures 340 5.4.1 The RSA Digital Signature Algorithm 341 5.4.2 The Rabin Digital Signature Algorithm 342 5.4.3 The ElGamal Digital Signature Algorithm 343 5.4.4 The Schnorr Digital Signature Algorithm 344 5.4.5 The Nyberg-Rueppel Digital Signature Algorithm 345 5.4.6 The Digital Signature Algorithm (DSA) 346 5.4.7 The Elliptic Curve Digital Signature Algorithm (ECDSA) 348 5.4.8 The XTR Signature Algorithm 349 5.4.9 The NTRUSign Algorithm 352 Contents ix 5.4.10 Blind Signature Schemes 355 Chaum's RSA blind signature
Recommended publications
  • Etsi Gr Qsc 001 V1.1.1 (2016-07)

    Etsi Gr Qsc 001 V1.1.1 (2016-07)

    ETSI GR QSC 001 V1.1.1 (2016-07) GROUP REPORT Quantum-Safe Cryptography (QSC); Quantum-safe algorithmic framework 2 ETSI GR QSC 001 V1.1.1 (2016-07) Reference DGR/QSC-001 Keywords algorithm, authentication, confidentiality, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
  • Bilinear Map Cryptography from Progressively Weaker Assumptions

    Bilinear Map Cryptography from Progressively Weaker Assumptions

    Full version of an extended abstract published in Proceedings of CT-RSA 2013, Springer-Verlag, Feb. 2013. Available from the IACR Cryptology ePrint Archive as Report 2012/687. The k-BDH Assumption Family: Bilinear Map Cryptography from Progressively Weaker Assumptions Karyn Benson, Hovav Shacham ∗ Brent Watersy University of California, San Diego University of Texas at Austin fkbenson, [email protected] [email protected] February 4, 2013 Abstract Over the past decade bilinear maps have been used to build a large variety of cryptosystems. In addition to new functionality, we have concurrently seen the emergence of many strong assump- tions. In this work, we explore how to build bilinear map cryptosystems under progressively weaker assumptions. We propose k-BDH, a new family of progressively weaker assumptions that generalizes the de- cisional bilinear Diffie-Hellman (DBDH) assumption. We give evidence in the generic group model that each assumption in our family is strictly weaker than the assumptions before it. DBDH has been used for proving many schemes secure, notably identity-based and functional encryption schemes; we expect that our k-BDH will lead to generalizations of many such schemes. To illustrate the usefulness of our k-BDH family, we construct a family of selectively secure Identity-Based Encryption (IBE) systems based on it. Our system can be viewed as a generalization of the Boneh-Boyen IBE, however, the construction and proof require new ideas to fit the family. We then extend our methods to produces hierarchical IBEs and CCA security; and give a fully secure variant. In addition, we discuss the opportunities and challenges of building new systems under our weaker assumption family.
  • Circuit-Extension Handshakes for Tor Achieving Forward Secrecy in a Quantum World

    Circuit-Extension Handshakes for Tor Achieving Forward Secrecy in a Quantum World

    Proceedings on Privacy Enhancing Technologies ; 2016 (4):219–236 John M. Schanck*, William Whyte, and Zhenfei Zhang Circuit-extension handshakes for Tor achieving forward secrecy in a quantum world Abstract: We propose a circuit extension handshake for 2. Anonymity: Some one-way authenticated key ex- Tor that is forward secure against adversaries who gain change protocols, such as ntor [13], guarantee that quantum computing capabilities after session negotia- the unauthenticated peer does not reveal their iden- tion. In doing so, we refine the notion of an authen- tity just by participating in the protocol. Such pro- ticated and confidential channel establishment (ACCE) tocols are deemed one-way anonymous. protocol and define pre-quantum, transitional, and post- 3. Forward Secrecy: A protocol provides forward quantum ACCE security. These new definitions reflect secrecy if the compromise of a party’s long-term the types of adversaries that a protocol might be de- key material does not affect the secrecy of session signed to resist. We prove that, with some small mod- keys negotiated prior to the compromise. Forward ifications, the currently deployed Tor circuit extension secrecy is typically achieved by mixing long-term handshake, ntor, provides pre-quantum ACCE security. key material with ephemeral keys that are discarded We then prove that our new protocol, when instantiated as soon as the session has been established. with a post-quantum key encapsulation mechanism, Forward secret protocols are a particularly effective tool achieves the stronger notion of transitional ACCE se- for resisting mass surveillance as they resist a broad curity. Finally, we instantiate our protocol with NTRU- class of harvest-then-decrypt attacks.
  • Jeffrey Hoffstein Jill Pipher Joseph H. Silverman

    Jeffrey Hoffstein Jill Pipher Joseph H. Silverman

    Undergraduate Texts in Mathematics Je rey Ho stein Jill Pipher Joseph H. Silverman An Introduction to Mathematical Cryptography Second Edition Undergraduate Texts in Mathematics Undergraduate Texts in Mathematics Series Editors: Sheldon Axler San Francisco State University, San Francisco, CA, USA Kenneth Ribet University of California, Berkeley, CA, USA Advisory Board: Colin Adams, Williams College, Williamstown, MA, USA Alejandro Adem, University of British Columbia, Vancouver, BC, Canada Ruth Charney, Brandeis University, Waltham, MA, USA Irene M. Gamba, The University of Texas at Austin, Austin, TX, USA Roger E. Howe, Yale University, New Haven, CT, USA David Jerison, Massachusetts Institute of Technology, Cambridge, MA, USA Jeffrey C. Lagarias, University of Michigan, Ann Arbor, MI, USA Jill Pipher, Brown University, Providence, RI, USA Fadil Santosa, University of Minnesota, Minneapolis, MN, USA Amie Wilkinson, University of Chicago, Chicago, IL, USA Undergraduate Texts in Mathematics are generally aimed at third- and fourth- year undergraduate mathematics students at North American universities. These texts strive to provide students and teachers with new perspectives and novel approaches. The books include motivation that guides the reader to an appreciation of interre- lations among different aspects of the subject. They feature examples that illustrate key concepts as well as exercises that strengthen understanding. More information about this series at http://www.springer.com/series/666 Jeffrey Hoffstein • Jill Pipher Joseph
  • NSS: an NTRU Lattice –Based Signature Scheme

    NSS: an NTRU Lattice –Based Signature Scheme

    ISSN(Online) : 2319 - 8753 ISSN (Print) : 2347 - 6710 International Journal of Innovative Research in Science, Engineering and Technology (An ISO 3297: 2007 Certified Organization) Vol. 4, Issue 4, April 2015 NSS: An NTRU Lattice –Based Signature Scheme S.Esther Sukila Department of Mathematics, Bharath University, Chennai, Tamil Nadu, India ABSTRACT: Whenever a PKC is designed, it is also analyzed whether it could be used as a signature scheme. In this paper, how the NTRU concept can be used to form a digital signature scheme [1] is described. I. INTRODUCTION Digital Signature Schemes The notion of a digital signature may prove to be one of the most fundamental and useful inventions of modern cryptography. A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. The creator of a message can attach a code, the signature, which guarantees the source and integrity of the message. A valid digital signature gives a recipient reason to believe that the message was created by a known sender and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions etc. Digital signatures are equivalent to traditional handwritten signatures. Properly implemented digital signatures are more difficult to forge than the handwritten type. 1.1A digital signature scheme typically consists of three algorithms A key generationalgorithm, that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key. A signing algorithm, that given a message and a private key produces a signature.
  • The Twin Diffie-Hellman Problem and Applications

    The Twin Diffie-Hellman Problem and Applications

    The Twin Diffie-Hellman Problem and Applications David Cash1 Eike Kiltz2 Victor Shoup3 February 10, 2009 Abstract We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely related to the usual (computational) Diffie-Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie-Hellman problem. Moreover, the twin Diffie-Hellman problem is at least as hard as the ordinary Diffie-Hellman problem. However, we are able to show that the twin Diffie-Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem — this is a feature not enjoyed by the Diffie-Hellman problem in general. Specifically, we show how to build a certain “trapdoor test” that allows us to effectively answer decision oracle queries for the twin Diffie-Hellman problem without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie-Hellman problem is hard. We present several other applications as well, including: a new variant of Diffie and Hellman’s non-interactive key exchange protocol; a new variant of Cramer-Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh-Franklin identity-based encryption, with very short ciphertexts; a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.
  • Lattice-Based Cryptography - a Comparative Description and Analysis of Proposed Schemes

    Lattice-Based Cryptography - a Comparative Description and Analysis of Proposed Schemes

    Lattice-based cryptography - A comparative description and analysis of proposed schemes Einar Løvhøiden Antonsen Thesis submitted for the degree of Master in Informatics: programming and networks 60 credits Department of Informatics Faculty of mathematics and natural sciences UNIVERSITY OF OSLO Autumn 2017 Lattice-based cryptography - A comparative description and analysis of proposed schemes Einar Løvhøiden Antonsen c 2017 Einar Løvhøiden Antonsen Lattice-based cryptography - A comparative description and analysis of proposed schemes http://www.duo.uio.no/ Printed: Reprosentralen, University of Oslo Acknowledgement I would like to thank my supervisor, Leif Nilsen, for all the help and guidance during my work with this thesis. I would also like to thank all my friends and family for the support. And a shoutout to Bliss and the guys there (you know who you are) for providing a place to relax during stressful times. 1 Abstract The standard public-key cryptosystems used today relies mathematical problems that require a lot of computing force to solve, so much that, with the right parameters, they are computationally unsolvable. But there are quantum algorithms that are able to solve these problems in much shorter time. These quantum algorithms have been known for many years, but have only been a problem in theory because of the lack of quantum computers. But with recent development in the building of quantum computers, the cryptographic world is looking for quantum-resistant replacements for today’s standard public-key cryptosystems. Public-key cryptosystems based on lattices are possible replacements. This thesis presents several possible candidates for new standard public-key cryptosystems, mainly NTRU and ring-LWE-based systems.
  • Blind Schnorr Signatures in the Algebraic Group Model

    Blind Schnorr Signatures in the Algebraic Group Model

    An extended abstract of this work appears in EUROCRYPT’20. This is the full version. Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model Georg Fuchsbauer1, Antoine Plouviez2, and Yannick Seurin3 1 TU Wien, Austria 2 Inria, ENS, CNRS, PSL, Paris, France 3 ANSSI, Paris, France first.last@{tuwien.ac.at,ens.fr,m4x.org} January 16, 2021 Abstract. The Schnorr blind signing protocol allows blind issuing of Schnorr signatures, one of the most widely used signatures. Despite its practical relevance, its security analysis is unsatisfactory. The only known security proof is rather informal and in the combination of the generic group model (GGM) and the random oracle model (ROM) assuming that the “ROS problem” is hard. The situation is similar for (Schnorr-)signed ElGamal encryption, a simple CCA2-secure variant of ElGamal. We analyze the security of these schemes in the algebraic group model (AGM), an idealized model closer to the standard model than the GGM. We first prove tight security of Schnorr signatures from the discrete logarithm assumption (DL) in the AGM+ROM. We then give a rigorous proof for blind Schnorr signatures in the AGM+ROM assuming hardness of the one-more discrete logarithm problem and ROS. As ROS can be solved in sub-exponential time using Wagner’s algorithm, we propose a simple modification of the signing protocol, which leaves the signatures unchanged. It is therefore compatible with systems that already use Schnorr signatures, such as blockchain protocols. We show that the security of our modified scheme relies on the hardness of a problem related to ROS that appears much harder.
  • Implementation and Performance Evaluation of XTR Over Wireless Network

    Implementation and Performance Evaluation of XTR Over Wireless Network

    Implementation and Performance Evaluation of XTR over Wireless Network By Basem Shihada [email protected] Dept. of Computer Science 200 University Avenue West Waterloo, Ontario, Canada (519) 888-4567 ext. 6238 CS 887 Final Project 19th of April 2002 Implementation and Performance Evaluation of XTR over Wireless Network 1. Abstract Wireless systems require reliable data transmission, large bandwidth and maximum data security. Most current implementations of wireless security algorithms perform lots of operations on the wireless device. This result in a large number of computation overhead, thus reducing the device performance. Furthermore, many current implementations do not provide a fast level of security measures such as client authentication, authorization, data validation and data encryption. XTR is an abbreviation of Efficient and Compact Subgroup Trace Representation (ECSTR). Developed by Arjen Lenstra & Eric Verheul and considered a new public key cryptographic security system that merges high level of security GF(p6) with less number of computation GF(p2). The claim here is that XTR has less communication requirements, and significant computation advantages, which indicate that XTR is suitable for the small computing devices such as, wireless devices, wireless internet, and general wireless applications. The hoping result is a more flexible and powerful secure wireless network that can be easily used for application deployment. This project presents an implementation and performance evaluation to XTR public key cryptographic system over wireless network. The goal of this project is to develop an efficient and portable secure wireless network, which perform a variety of wireless applications in a secure manner. The project literately surveys XTR mathematical and theoretical background as well as system implementation and deployment over wireless network.
  • Lecture 14: Elgamal Encryption, Hash Functions from DL, Prgs from DDH 1 Topics Covered 2 Recall 3 Key Agreement from the Diffie

    Lecture 14: Elgamal Encryption, Hash Functions from DL, Prgs from DDH 1 Topics Covered 2 Recall 3 Key Agreement from the Diffie

    CS 7880 Graduate Cryptography October 29, 2015 Lecture 14: ElGamal Encryption, Hash Functions from DL, PRGs from DDH Lecturer: Daniel Wichs Scribe: Biswaroop Maiti 1 Topics Covered • Public Key Encryption • A Public Key Encryption from the DDH Assumption • El Gamal Encryption • CRHF from Discrete Log • PRG from DDH 2 Recall Recall the three number theoretic assumptions we saw last time. We will build Crypto- graphic schemes or protocols based on the hardness of these problems. Definition 1 (G; g; q) Groupgen(1n) } Assumption 1 DL Given g; gX , it is hard to find X. Assumption 2 Computational Diffie Hellman Given g; gX ; gY , it is hard to find gXY . Assumption 3 Decisional Diffie Hellman Given g; gX ; gY , it is hard to distinguish between gXY and gZ , where Z is chosen at random. (g; gX ; gY ; gXY ) ≈ (g; gX ; gY ; gZ ) 3 Key Agreement from the Diffie Helman scheme AB x Zq X hA = g −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−£ Y hB = g ¡−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− Y Zq X XY Y XY hB = g hA = g The keys agreed upon by A and B is gXY . Lecture 14, Page 1 It is interesting to note that in this scheme, A and B were able to agree upon a key without communicating about it. Each party generates a puzzle uniformly at random: A X Y generates hA = g , and B generates hB = g . Then, they send their puzzles to each other, and establish the key to be gXY . Proving this scheme is secure is equivalent to showing that the DDH assumption holds. 4 Public Key Encryption The general syntax of Public Key Encryption is the following.
  • 11 Digital Signatures

    11 Digital Signatures

    This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has granted the following specific permissions for the electronic version of this book: Permission is granted to retrieve, print and store a single copy of this chapter for personal use. This permission does not extend to binding multiple chapters of the book, photocopying or producing copies for other than personal use of the person creating the copy, or making electronic copies available for retrieval by others without prior permission in writing from CRC Press. Except where over-ridden by the specific permission above, the standard copyright notice from CRC Press applies to this electronic version: Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. The consent of CRC Press does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press for such copying. c 1997 by CRC Press, Inc. Chapter 11 Digital Signatures Contents in Brief 11.1 Introduction :::::::::::::::::::::::::::::425 11.2 A framework for digital signature mechanisms ::::::::::426 11.3 RSA and related signature schemes :::::::::::::::::433 11.4 Fiat-Shamir signature schemes :::::::::::::::::::447 11.5 The DSA and related signature schemes ::::::::::::::451 11.6 One-time digital signatures :::::::::::::::::::::462 11.7 Other signature schemes ::::::::::::::::::::::471 11.8 Signatures with additional functionality ::::::::::::::474 11.9 Notes and further references ::::::::::::::::::::481 11.1 Introduction This chapter considers techniques designed to provide the digital counterpart to a handwrit- ten signature.
  • DRAFT Special Publication 800-56A, Recommendation for Pair-Wise Key

    DRAFT Special Publication 800-56A, Recommendation for Pair-Wise Key

    The attached DRAFT document (provided here for historical purposes) has been superseded by the following publication: Publication Number: NIST Special Publication (SP) 800-56A Revision 2 Title: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Publication Date: 05/13/2013 • Final Publication: https://doi.org/10.6028/NIST.SP.800-56Ar2 (which links to http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf). • Information on other NIST Computer Security Division publications and programs can be found at: http://csrc.nist.gov/ The following information was posted with the attached DRAFT document: Aug 20, 2012 SP 800-56 A Rev.1 DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (Draft Revision) NIST announces the release of draft revision of Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. SP 800-56A specifies key-establishment schemes based on the discrete logarithm problem over finite fields and elliptic curves, including several variations of Diffie-Hellman and MQV key establishment schemes. The revision is made on the March 2007 version. The main changes are listed in Appendix D. Please submit comments to 56A2012rev-comments @ nist.gov with "Comments on SP 800-56A (Revision)" in the subject line. The comment period closes on October 31, 2012. NIST Special Publication 800-56A Recommendation for Pair-Wise August 2012 Key-Establishment Schemes Using Discrete Logarithm Cryptography (Draft Revision) Elaine Barker, Lily Chen, Miles Smid and Allen Roginsky C O M P U T E R S E C U R I T Y Abstract This Recommendation specifies key-establishment schemes based on the discrete logarithm problem over finite fields and elliptic curves, including several variations of Diffie-Hellman and MQV key establishment schemes.